forked from fedi/mastodon
✨ Add an LDAP Mail attribute config (#12053)
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
This commit is contained in:
parent
911cc14481
commit
bd8dc9bd0c
|
@ -183,6 +183,8 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
|
||||||
# LDAP_BIND_DN=
|
# LDAP_BIND_DN=
|
||||||
# LDAP_PASSWORD=
|
# LDAP_PASSWORD=
|
||||||
# LDAP_UID=cn
|
# LDAP_UID=cn
|
||||||
|
# LDAP_MAIL=mail
|
||||||
|
# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
|
||||||
# LDAP_UID_CONVERSION_ENABLED=true
|
# LDAP_UID_CONVERSION_ENABLED=true
|
||||||
# LDAP_UID_CONVERSION_SEARCH=., -
|
# LDAP_UID_CONVERSION_SEARCH=., -
|
||||||
# LDAP_UID_CONVERSION_REPLACE=_
|
# LDAP_UID_CONVERSION_REPLACE=_
|
||||||
|
|
|
@ -178,7 +178,8 @@ STREAMING_CLUSTER_NUM=1
|
||||||
# LDAP_BIND_DN=
|
# LDAP_BIND_DN=
|
||||||
# LDAP_PASSWORD=
|
# LDAP_PASSWORD=
|
||||||
# LDAP_UID=cn
|
# LDAP_UID=cn
|
||||||
# LDAP_SEARCH_FILTER=%{uid}=%{email}
|
# LDAP_MAIL=mail
|
||||||
|
# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
|
||||||
# LDAP_UID_CONVERSION_ENABLED=true
|
# LDAP_UID_CONVERSION_ENABLED=true
|
||||||
# LDAP_UID_CONVERSION_SEARCH=., -
|
# LDAP_UID_CONVERSION_SEARCH=., -
|
||||||
# LDAP_UID_CONVERSION_REPLACE=_
|
# LDAP_UID_CONVERSION_REPLACE=_
|
||||||
|
|
|
@ -6,7 +6,7 @@ module LdapAuthenticable
|
||||||
class_methods do
|
class_methods do
|
||||||
def authenticate_with_ldap(params = {})
|
def authenticate_with_ldap(params = {})
|
||||||
ldap = Net::LDAP.new(ldap_options)
|
ldap = Net::LDAP.new(ldap_options)
|
||||||
filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: params[:email])
|
filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, mail: Devise.ldap_mail, email: params[:email])
|
||||||
|
|
||||||
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: params[:password]))
|
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: params[:password]))
|
||||||
ldap_get_user(user_info.first)
|
ldap_get_user(user_info.first)
|
||||||
|
@ -25,7 +25,7 @@ module LdapAuthenticable
|
||||||
resource = joins(:account).find_by(accounts: { username: safe_username })
|
resource = joins(:account).find_by(accounts: { username: safe_username })
|
||||||
|
|
||||||
if resource.blank?
|
if resource.blank?
|
||||||
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: safe_username }, admin: false, external: true, confirmed_at: Time.now.utc)
|
resource = new(email: attributes[Devise.ldap_mail.to_sym].first, agreement: true, account_attributes: { username: safe_username }, admin: false, external: true, confirmed_at: Time.now.utc)
|
||||||
resource.save!
|
resource.save!
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -53,6 +53,8 @@ module Devise
|
||||||
@@ldap_base = nil
|
@@ldap_base = nil
|
||||||
mattr_accessor :ldap_uid
|
mattr_accessor :ldap_uid
|
||||||
@@ldap_uid = nil
|
@@ldap_uid = nil
|
||||||
|
mattr_accessor :ldap_mail
|
||||||
|
@@ldap_mail = nil
|
||||||
mattr_accessor :ldap_bind_dn
|
mattr_accessor :ldap_bind_dn
|
||||||
@@ldap_bind_dn = nil
|
@@ldap_bind_dn = nil
|
||||||
mattr_accessor :ldap_password
|
mattr_accessor :ldap_password
|
||||||
|
@ -369,8 +371,9 @@ Devise.setup do |config|
|
||||||
config.ldap_bind_dn = ENV.fetch('LDAP_BIND_DN')
|
config.ldap_bind_dn = ENV.fetch('LDAP_BIND_DN')
|
||||||
config.ldap_password = ENV.fetch('LDAP_PASSWORD')
|
config.ldap_password = ENV.fetch('LDAP_PASSWORD')
|
||||||
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
|
config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
|
||||||
|
config.ldap_mail = ENV.fetch('LDAP_MAIL', 'mail')
|
||||||
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
|
config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
|
||||||
config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
|
config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '(|(%{uid}=%{email})(%{mail}=%{email}))')
|
||||||
config.ldap_uid_conversion_enabled = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true'
|
config.ldap_uid_conversion_enabled = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true'
|
||||||
config.ldap_uid_conversion_search = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ')
|
config.ldap_uid_conversion_search = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ')
|
||||||
config.ldap_uid_conversion_replace = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_')
|
config.ldap_uid_conversion_replace = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_')
|
||||||
|
|
Loading…
Reference in a new issue